If using the NSX Enforced Mode you must disable Quarantine Policy if previously enabled. .

This step is only applicable to the NSX Enforced Mode.

With Quarantine Policy enabled, your VMs are assigned security groups in your public cloud that are defined by NSX Cloud.

When you undeploy PCG, you must disable Quarantine Policy. Follow these steps: :
  1. Go to the VPC or VNet in CSM.
  2. From Actions > Edit Configurations >, turn off the setting for Default Quarantine .
  3. All VMs that are unmanaged or quarantined in this VPC or VNet will be assigned to the default security group in AWS and the default-vnet-<vnet-id>-sg security group in Microsoft Azure.
  4. If there are managed VMs while disabling Quarantine Policy, they retain their NSX Cloud-assigned security groups. The first time you remove the nsx.network=default tag from such VMs to take them out from NSX management, they are also assigned to the default security group in AWS and the default-vnet-<vnet-id>-sg security group in Microsoft Azure.
    Note: The common Resource Group created in Microsoft Azure, that is named like: nsx-default-<region-name>-rg, for example: nsx-default-westus-rg, is not removed when you undeploy PCG. This Resource Group and all the NSX-created security groups named like default-<vnet-ID>-sg are not deleted from the Microsoft Azure region. You can remove the NSX Cloud-specific security group any time after the VNet is off-boarded.

See Auto-Configurations after PCG Deployment or Linking for a list of NSX Cloud security groups.